Privacy

Your Data

A plain-English overview of what AdaptivMapr stores about you, how to export it, and how to delete your account. For the full legal text, see our Privacy Policy.

What personal data we store

Account email

Your email address is the only identifier we collect. It lives in our session tokens (signed JWTs — never stored in plain text) and is optionally written to the Supabase-backed tenant record when you first sign in.

Magic-link tokens & sessions

When you request a sign-in link we mint a short-lived (15-minute) HMAC-signed token. On click, that token is burned (single-use) and swapped for a 7-day session cookie. We never store passwords — there are none.

Uploaded files & mappings

Files you upload are parsed in-memory. In schema-only mode only column headers and up to 3 sample values (≤80 chars each) are retained — row content is never persisted. Uploaded data lives at most 24 hours before automatic deletion. Mapping decisions (which header mapped to which target field) may be kept to improve the statistics layer; you can opt out in workspace settings.

API keys

We store only a key identifier (not the full secret) in the database, used for revocation lookups. The full key string is shown once at creation time and never stored by us.

Usage & audit logs

API request metadata (timestamp, endpoint, response status, duration, billed unit count) and a hash-chained audit log (key creation/revocation, billing events) are retained. Billing records are kept for 7 years to meet accounting law. Edge request logs are retained for 14 days.

Billing data

If you subscribe, Stripe holds your card details — we never see them. We store your Stripe customer ID, subscription plan, and invoicing metadata. Billing address and VAT number if you supply them.

We do not collect biometric data, precise geolocation, behavioural analytics, or advertising identifiers. See §2 of the Privacy Policy for the complete list.

How to export your data

You have the right to receive a copy of your personal data in a machine-readable format (data portability under GDPR Art. 20 / nFADP Art. 25).

Self-serve via the dashboard

Sign in at /dashboard to review your API keys, usage logs, and workspace settings. Uploaded files are visible in the Workbench during their 24-hour retention window.

Full data export

For a structured export (JSON) of everything we hold — account record, mapping history, billing metadata — email dpo@adaptivmapr.com with the subject line Data export request. We respond within one month.

How to delete your account

Deleting your account removes your workspace tenant record, API keys, mapping statistics, and uploaded data. Audit logs and billing records required by tax law are retained for up to 7 years; all other data is deleted immediately.

Self-serve (instant)

Go to Dashboard → Settings → Account and use the “Delete account” action. You will be asked to type your email address to confirm before anything is deleted.

Email request

If you cannot access the dashboard, email dpo@adaptivmapr.com with the subject line Account deletion request from the address registered to your account. We will action the request within one month.

Your other rights

Depending on where you live you may also have the right to access, correct, restrict, or object to our processing of your personal data. See §8 of the Privacy Policy for the full list. To exercise any right, email dpo@adaptivmapr.com.